Medical Billing Forum

HIPAA => HIPAA => Topic started by: ste on August 03, 2009, 04:27:25 PM

Title: logging on as administrator
Post by: ste on August 03, 2009, 04:27:25 PM
In the August/September issue of BC Advantage magazine there is an article titled "They Say They Are HIPAA Compliant, But..."
The article discusses software programs that require users to log on as administrator as not being in compliance. Both DAQbilling and Practicemate require users to log on as administrators. Does this mean that these PMS programs are not HIPAA compliant?
Title: Re: logging on as administrator
Post by: PMRNC on August 03, 2009, 06:49:14 PM
Have not read the article, however the software should allow for administrator and user login, all PM softwares need that for the audit trail in addition to being HIPAA compliant. Not sure why having an admin login would make it NOT compliant unless others are USING that one admin login! Each person should be assigned their own login.
DAQ is most certainly HIPAA compliant. Without seeing the article I can't really see if you were mis-reading anything.
Title: Re: logging on as administrator
Post by: ste on August 03, 2009, 09:59:25 PM
When a person turns on their computer they have the option of logging on as a standard user or an administrative user. The former is safer while being on-line, because viruses are less likely to infect the computer, and also standard users cannot alter many settings on their computers. Administrative users, like viruses, can adjust settings on a computer, consequently it is not too terribly safe to surf the internet while being logged on to your own computer as an administrator.

Most PMS programs, like DAQbilling and Practicemate, require users to log on to their own computers as administrators not as standard users, otherwise the program doesn't work or you just can't log on.

The author clearly states, "This is only my opinion", and makes a disclaimer about not being a lawyer. Furthermore the article relates more toward larger organizations and doctor office settings rather than some cottage billing operation, such as myself. Summerlin's arguments restrict themselves to those individuals working on a computer with administrative rights which gives them full access to everything on the program when perhaps all they really need access to might be scheduling.

However, let us assume for the moment that I have Antek's program downloaded onto my computer. Then one morning I wake up, log on to my computer with administrative rights, click on the DAQbilling icon, type in my user name and password, hit enter and watch the paw prints develop across the screen. At that point, because I am logged on to my computer as an administrator, DAQbilling has complete access to everything on my computer. Since both Antek and my billing operation are covered entities under HIPAA and therefore subjected to the Minimum Necessity clause has Antek made a reasonable effort to determine how much information, from my computer in this case, is needed to serve the purpose for which it is being used?
Title: Re: logging on as administrator
Post by: Michele on August 04, 2009, 07:01:41 AM
Haven't had time to read my copy yet.  I'm planning on reading it this week and now I'm looking forward to that article.  I'll let you know what I think!

Title: Re: logging on as administrator
Post by: PMRNC on August 04, 2009, 08:27:10 AM
Ok, I found the article at this link
I'm not sure if the person who has it on their site has permission to do so but there it is.

Anyway, the writer DOES makes a point..however in MOST offices the staff's jobs are all intertwined/connected so their need to know access is there, it's NOT likely the person who does the scheduling should only be a standard user because she could be on the phone with the patient and the patient will ask "Oh by the way, what's my copay?, What's my balance" It's not very efficient for the scheduling person to say, "Oh I don't have access to that, let me find the biller." 
The author of the article appears to be a third party billing company but making assumptions about the as needed feature of the administrator operator of the PC. What I think is unfair is that PC Owners have a different level of responsibility. If I am the physician I want my staff to have access all the information they need to do their jobs, but it's MY responsibility to be sure we are running proper firewalls, anti-virus, etc. The software vendor is responsible for meeting the minimum standards to which most (if not all do).

Not for nothing but I was a bit offended by the "cottage" biller remark, it's not too difficult to know where that came from.  ???  Maybe I just needed to have that second cup of coffee.
Title: Re: logging on as administrator
Post by: ste on August 04, 2009, 06:45:40 PM
First, let me apologize for the cottage remark. I'm sorry. I came across the term in an article and sensed it was derogatory, but I really wasn't sure. Curious as to its meaning I used it in a post wondering if it would initiate a response, and I made sure to direct the word at myself and not others. I’d like to explain where I got the word, my interpretation of it, and how it relates to my own fears or misgivings in starting a medical billing company.

 AM J Orthop. 2007;36(3):158-161.

Jennifer O’Brien, a consultant with KarenZupko & Associates, wrote a practical article for physicians describing specific questions to ask outsourcing billing companies prior to taking on their services. The list of questions is thorough and well thought out. Many of the questions were new to me; moreover, many were over my head.

At the beginning of the article she paints a picture of a doctor all flustered with an invoice from his biller in his hand flailing it back and forth above his head. The doctor is complaining and trying to figure out why the biller waited so long to file a claim. At this point the author cuts in, “This doctor had chosen a cottage billing company…” As a reader my reaction was, “Oh Please! Even I know a biller has to file claims every day, and couldn’t the author have painted a less contrived picture?”

In this article a cottage billing company might be construed as an inexperienced beginner, or an inattentive entrepreneur, or both. In an attempt to give people the benefit of the doubt I have to assume it’s the former. As a beginner I know I am going to make mistakes, but I am quick to catch them and learn from them. I like Tammy Harlan’s approach which is “fake it till you make it”. 
Title: Re: logging on as administrator
Post by: PMRNC on August 04, 2009, 07:51:10 PM
So are you the author?

I'm glad you explained the "cottage biller" but I was probably over-sensitive on the issue. A long while back a VERY large Association referred to some medical billing companies (implying small time) "Kitchen Table Billers" and not just once but several times used in various publications, articles, forums, etc. Needless to say that was a few years ago but it left a terrible taste in my mouth. 

I think your article overall was very good you raised a point I don't think many of us have thought of.
Title: Re: logging on as administrator
Post by: Pay_My_Claims on August 04, 2009, 08:14:39 PM
I like Tammy Harlan’s approach which is “fake it till you make it”. 

That motto is the reason why so many physicians are burned by billing services. Why do people want to get in this business with no experience totally sickens me. Yes it is my PET PEEVE. We always speak about all the rules and all the liabilities and Hipaa and OIG, but we have the flippant attitude of "fake it til you make it'. All I can say is please let me know who you bill for so I can clean up!!!
Title: Re: logging on as administrator
Post by: Pay_My_Claims on August 04, 2009, 09:08:46 PM
~~~ Although I still stand by my opinion, a good friend said I may have taken it out of context so.........if that's the case, I always extend apologies. If not, I toss down my hanky in the fair game of intellectual battle of difference in opinions!!! ;D